Whistleblower Alleges DOGE Endangered Social Security Numbers with Vulnerable Cloud Server Upload
A whistleblower complaint filed by Charles Borges, the Social Security Administration’s (SSA) chief data officer, has accused the Department of Government Efficiency (DOGE) of jeopardizing the personal data of over 300 million Americans by uploading the SSA’s Numerical Identification System (Numident) database to an unsecured cloud server in June 2025. The database, containing Social Security numbers, names, addresses, birth dates, and other sensitive information, was allegedly transferred without adequate security measures, creating “enormous vulnerabilities” for identity theft and fraud, according to the complaint filed with the Office of Special Counsel and congressional committees through the Government Accountability Project.
Details of the Allegations
Borges’ complaint, detailed in reports by Forbes and The New York Times, alleges that on June 10, 2025, days after a Supreme Court ruling lifted restrictions on DOGE’s access to SSA data, former DOGE member John Solly requested the transfer of the Numident database to a “virtual private cloud” within the SSA’s Amazon Web Services infrastructure. This server, accessible only to DOGE personnel, reportedly lacked the independent security monitoring and oversight required by SSA policy. Borges, excluded from discussions despite his role, claims the move was authorized by SSA Chief Information Officer Aram Moghaddassi, who previously worked at Elon Musk’s X and Neuralink.
Internal SSA documents, including a June 16 risk assessment by acting chief information security officer Joe Cunningham, labeled the project “high risk” and warned of “catastrophic impact” to SSA beneficiaries if the database were compromised. Despite these concerns, Moghaddassi approved the transfer on July 15, stating, “I have determined the business need is higher than the security risk associated with this implementation and I accept all risks.” Borges alleges this action potentially violated federal data protection laws, including the Privacy Act, and lacked mechanisms to monitor data usage or sharing.
The Numident database, with over 548 million records, is a critical repository of personal information for every individual issued a Social Security number. Borges warned that a breach could lead to widespread identity theft, loss of benefits, and the costly reissuance of Social Security numbers, with NPR noting the potential for “catastrophic” consequences.
Context and Broader Concerns
DOGE, a Musk-led initiative under President Donald Trump’s administration, has faced scrutiny for its handling of sensitive data across agencies. Borges’ complaint follows earlier whistleblower reports, including an April 2025 letter from Representative Gerry Connolly, D-Va., to the SSA’s Inspector General, alleging DOGE’s efforts to build a “master database” with data from the SSA, IRS, and other agencies, potentially violating privacy laws. A March 2025 federal court order briefly blocked DOGE’s access to SSA data, but the Supreme Court overturned it on June 6, enabling the transfer Borges describes.
Public reaction on X has been vocal, with @FrankPallone posting, “Every Social Security number ever issued — names, addresses, birthdates — placed on a vulnerable server by Trump’s DOGE cronies.” @GovAcctProj, representing Borges, emphasized, “Our whistleblower, featured today on the @nytimes: DOGE Put Critical Social Security Data at Risk.” Some users, however, speculated that DOGE aimed to improve data-sharing efficiency, though no evidence supports this as the motive.
Official Responses and Next Steps
The SSA told NPR that the data remains secure in a “long-standing environment used by SSA and walled off from the internet,” with no known breaches. The agency highlighted oversight by its information security team but did not address Borges’ exclusion from the process. Andrea Meza, a Government Accountability Project attorney, stated, “Mr. Borges spent weeks pressing for fixes inside the agency. When nothing changed, he used protected whistleblower channels.”
Connolly has renewed calls for an investigation, citing DOGE’s “haphazard” data practices. The Office of Special Counsel and congressional committees are reviewing the complaint, which could prompt reforms to federal data security protocols. While no breach has been confirmed, the allegations underscore tensions between DOGE’s efficiency goals and the need to protect sensitive information.
Sources: Forbes, The New York Times, NPR, MSN, Newsmax, Government Accountability Project, The Hill, X posts.